04/23/2007 18:07 FAX 6508395071 



FISH & RICHARDSON 



0003 



Applicant : Bill Shapiro et al. 

Serial No. : 10/659,874 

Filed : September 9, 2003

Page : 2 of 17



Attorney's Docket No.: 07844-609001 / P562 



Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims : 

1. (Currently Amended) A method of controlling access to an electronic document, comprising:

receiving at a document management system a request from a first user for an electronic
document at a first user location, a rendition of the electronic document being stored in a
document repository in the document management system;

authenticating the first user at the document management system[[,]] using a set of access
policies for the electronic document, the set of access policies including access policies for a
plurality of users; [[,]]

verifying to verify that the first user is authorized to obtain the electronic document, [[;]]
and

when [[if]] the first user is authorized to obtain the electronic document,

passing an encrypted rendition of the electronic document to the first user;

receiving at the document management system a request from a the second user for access to
the encrypted rendition, where the second user received the encrypted rendition from the first
user:

authenticating the second user at the document management system, using the set
of access policies, to establish which operations the second user is allowed to perform on the
encrypted rendition;

creating, at the document management system, a voucher for accessing the
encrypted rendition, the voucher including the set of access policies for controlling access to the
encrypted rendition of the electronic document, the voucher further including an electronic key
operable to decrypt the encrypted rendition of the electronic document and the set of access
policies for the electronic document; and

passing the electronic voucher to the second user located at a second user
location.

2. (Original) The method of claim 1, further comprising:

creating, at the document management system, the encrypted rendition using the 
rendition that is stored in the document repository. 

3. (Original) The method of claim 1, wherein creating a voucher comprises: 

obtaining the set of access policies for the second user from an access control list that is
associated with the electronic document; and 

including the obtained set of access policies in the electronic voucher. 

4. (Original) The method of claim 1, wherein the set of access policies for the electronic 
document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user. 

5. (Currently Amended) The method of claim 1, further comprising where the set of access
policies include:

including a list of application rights in the electronic voucher prior to passing the
electronic voucher to the second user location.

6. (Original) The method of claim 1, further comprising: 

including expiration information in the electronic voucher prior to passing the electronic 
voucher to the second user location. 

7. (Original) The method of claim 6, wherein the expiration information includes one or more 
of: 

a predetermined number of access operations before the voucher expires, a particular 
time period before the voucher expires, and a particular time when the voucher expires.

8. (Original) The method of claim 2, wherein:

providing the encrypted rendition includes providing the encrypted rendition from a 
location other than the document repository. 

9. (Original) The method of claim 8, wherein:

providing the encrypted rendition includes providing the encrypted rendition from the 
first user location. 

10. (Original) The method of claim 1, wherein the rendition is a Portable Document Format 
document. 

11. (Original) The method of claim 1, further comprising: 

recording information relating to the request in an audit trail for the electronic document.

12. (Original) The method of claim 1, wherein the first user and the second user are the same 
individual. 

13. (Original) The method of claim 1, wherein the first user location and the second user 
location are identical.

14. (Currently Amended) A method of accessing an electronic document, comprising:

requesting, from a document management system, access to an electronic document for a
user at a user location to an electronic document, one or more renditions of the electronic
document being stored in a document repository in the document management system;

receiving at the user location an electronic voucher from the document management
system for the electronic document, the electronic voucher being issued by the document
management system and including a set of access policies for accessing an encrypted rendition of
the electronic document, the set of access policies including access policies for a plurality of
users, and an electronic key operable to decrypt the [[an]] encrypted rendition of the electronic
document; and

using the electronic key of the electronic voucher at the user location to decrypt the
encrypted rendition of the electronic document according to the set of access policies.

15. (Original) The method of claim 14, further comprising: 

determining whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes: 

extracting from the encrypted rendition a reference to the document repository where one 
or more renditions of the electronic document are stored; and 

requesting access to the rendition from the document repository identified by the 
extracted reference.

16. (Original) The method of claim 15, wherein:

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
requesting access includes: 

retrieving the document identifier and the path from the encrypted rendition; and 
sending an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

17. (Cancelled) 

18. (Original) The method of claim 17, wherein the set of access policies include information
indicating that a user at the user location is authorized to perform one or more of the following
operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

19. (Original) The method of claim 17, further comprising: 

verifying, at the user location, that one or more requested operations are allowed by the 
set of access policies for the electronic document. 

20. (Original) The method of claim 17, wherein: 

the set of access policies is a set of access policies that resides in the document repository 
and specifies access rights to the electronic document. 

21. (Original) The method of claim 14, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location.

22. (Original) The method of claim 14, wherein the rendition is a Portable Document Format
document. 

23. (Original) The method of claim 14, further comprising: 

storing the received voucher at the user location. 

24. (Original) The method of claim 14, wherein receiving an electronic voucher comprises: 

determining whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, requesting an electronic voucher from the
document management system. 

25. (Original) The method of claim 14, further comprising: 

receiving an encrypted rendition of the electronic document. 

26. (Original) The method of claim 14, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires.

27. (Currently Amended) A method for controlling access to an electronic document,
comprising: 

receiving at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system; 

authenticating the user at the document management system, to verify that the user is 
authorized to access the electronic document; [[and]] wherein, and

when [[if]] the user is authorized to access the electronic document, 

creating, at the document management system, an encrypted rendition of the electronic 
document using the rendition of the electronic document that is stored in the document 
repository; 

creating, at the document management system, a voucher for accessing the encrypted 
rendition, the voucher including a set of access policies for controlling access to the encrypted 
rendition of the electronic document, the set of access policies including access policies for a
plurality of users, the voucher further including an electronic key operable to decrypt an 
encrypted rendition of the electronic document; and 

passing the electronic voucher to the user location. 

28. (Currently Amended) A computer program product, tangibly stored on a computer-readable 
medium, for controlling access to an electronic document, comprising instructions operable to 
cause a programmable processor to: 

receive at a document management system a request from a first user for an electronic 
document at a first user location, a rendition of the electronic document being stored in a 
document repository in the document management system; 

authenticate the first user at the document management system, using a set of access
policies for the electronic document, the set of access policies including access policies for a
plurality of users; [[, to]]

verify that the first user is authorized to obtain the electronic document; and

when [[if]] the first user is authorized to obtain the electronic document,

pass an encrypted rendition of the electronic document to the first user;

receive at the document management system a request from a second user for access to
the encrypted rendition, where the second user received the encrypted rendition from the first
user:

authenticate the second user at the document management system, using the set of access
policies, to establish which operations the second user is allowed to perform on the encrypted
rendition;

create, at the document management system, a voucher for accessing the encrypted
rendition, the voucher including the set of access policies for controlling access to the encrypted
rendition of the electronic document, the voucher further including an electronic key operable to
decrypt the encrypted rendition of the electronic document and the set of access policies for the
electronic document; and

pass the electronic voucher to the second user located at a second user location.

29. (Original) The computer program product of claim 28, further comprising instructions to: 

create, at the document management system, the encrypted rendition using the rendition 
that is stored in the document repository. 

30. (Original) The computer program product of claim 29, wherein the instructions to create a
voucher comprise instructions to: 

obtain the set of access policies for the second user from an access control list that is 
associated with the electronic document; and 

include the obtained set of access policies in the electronic voucher. 

31. (Original) The computer program product of claim 29, wherein the set of access policies for
the electronic document identify one or more of the following operations: 

adding content to the rendition, adding comments to the rendition, applying a digital 
signature to the rendition, saving the rendition, printing the rendition, importing form data into 
the rendition, exporting form data from the rendition, and transmitting the rendition to another 
user.

32. (Currently Amended) The computer program product of claim 29, where the set of access
policies include: further comprising instructions to:

include a list of application rights in the electronic voucher prior to passing the electronic
voucher to the second user location.

33. (Original) The computer program product of claim 29, further comprising instructions to: 

include expiration information in the electronic voucher prior to passing the electronic 
voucher to the user location. 

34. (Original) The computer program product of claim 33, wherein the expiration information 
includes one or more of: a predetermined number of access operations before the voucher 
expires, a particular time period before the voucher expires, and a particular time when the 
voucher expires. 

35. (Original) The computer program product of claim 28, wherein: 

the instructions to provide the encrypted rendition include instructions to provide the 
encrypted rendition from a location other than the document repository. 

36. (Original) The computer program product of claim 35, wherein: 

the instructions to provide the encrypted rendition include instructions to provide the 
encrypted rendition from the first user location. 

37. (Original) The computer program product of claim 28, wherein the rendition is a Portable 
Document Format document. 

38. (Original) The computer program product of claim 28, further comprising instructions to: 

record information relating to the request in an audit trail for the electronic document. 

39. (Original) The computer program product of claim 28, wherein the first user and the second 
user are the same individual.

40. (Original) The computer program product of claim 28, wherein the first user location and
the second user location are identical.

41. (Currently Amended) A computer program product, tangibly stored on a computer-readable
medium, for accessing an electronic document, comprising instructions operable to cause a 
programmable processor to: 

request, from a document management system, access to an electronic document for a 
user at a user location to an electronic document, one or more renditions of the electronic
document being stored in a document repository in the document management system;

receive at the user location an electronic voucher from the document management system
for the electronic document, the electronic voucher being issued by the document management
system and including a set of access policies for accessing the encrypted rendition of the
electronic document, the set of access policies including access policies for a plurality of users,
and an electronic key operable to decrypt the [[an]] encrypted rendition of the electronic
document; and

use the electronic key of the electronic voucher at the user location to decrypt the
encrypted rendition of the electronic document according to the set of access policies.

42. (Original) The computer program product of claim 41, further comprising instructions to:

determine whether the encrypted rendition of the electronic document is available at the 
user location; 

wherein, if it is determined that the encrypted rendition is available at the user location, 
requesting access includes instructions to: 

extract from the encrypted rendition a reference to the document repository where one or 
more renditions of the electronic document are stored; and 

request access to the rendition from the document repository identified by the extracted 
reference.

43. (Original) The computer program product of claim 42, wherein:

the encrypted rendition includes a document identifier and the reference to the document 
repository includes a path for accessing the document repository over a computer network; and 
the instructions to request access include instructions to: 
retrieve the document identifier and the path from the encrypted rendition; and 
send an access request to the document repository specified by the retrieved path, the 
access request including the document identifier. 

44. (Cancelled) 

45. (Original) The computer program product of claim 44, wherein the set of access policies 
include information indicating that a user at the user location is authorized to perform one or 
more of the following operations: 

adding content to the electronic document, adding comments to the electronic document, 
applying a digital signature to the electronic document, saving the electronic document, printing 
the electronic document, importing form data into the electronic document, exporting form data 
from the electronic document, and transmitting the electronic document to another user. 

46. (Original) The computer program product of claim 44, further comprising instructions to: 

verify, at the user location, that one or more requested operations are allowed by the set 
of access policies for the electronic document. 

47. (Original) The computer program product of claim 44, wherein: 

the set of access policies is a set of access policies that resides in the document repository 
and specifies access rights to the electronic document. 

48. (Original) The computer program product of claim 41, wherein: 

the electronic voucher further includes a set of application rights, the application rights 
being operable to enable one or more disabled operations in an electronic document software 
application at the user location.

49. (Original) The computer program product of claim 41, wherein the rendition is a Portable
Document Format document.

50. (Original) The computer program product of claim 41, further comprising instructions to: 

store the received voucher at the user location. 

51. (Original) The computer program product of claim 41, wherein the instructions to receive
an electronic voucher comprise instructions to: 

determine whether an electronic voucher is stored locally at the user location; and 
if the electronic voucher is stored locally, retrieving the electronic voucher from the local 
storage; 

if the electronic voucher is not stored locally, request an electronic voucher from the 
document management system. 

52. (Original) The computer program product of claim 41, further comprising instructions to: 

receive an encrypted rendition of the electronic document. 

53. (Original) The computer program product of claim 41, wherein: 

the voucher includes expiration information including one or more of: a predetermined 
number of access operations before the voucher expires, a particular time period before the 
voucher expires, and a particular time when the voucher expires. 






54. (Currently Amended) A computer program product, tangibly stored on a computer-readable 
medium, for controlling access to an electronic document, comprising instructions operable to 
cause a programmable processor to: 

receive at a document management system a request from a user for access to an 
electronic document at a user location, a rendition of the electronic document being stored in a 
document repository in the document management system; 

authenticate the user at the document management system, to verify that the user is 
authorized to access the electronic document [[, tf and]] wherein,

when [[if]] the user is authorized to access the electronic document, 

create, at the document management system, an encrypted rendition of the electronic 
document using the rendition of the electronic document that is stored in the document 
repository; 

create, at the document management system, a voucher for accessing the encrypted
rendition, the voucher including a set of access policies for controlling access to the encrypted
rendition of the electronic document, the set of access policies including access policies for a 
plurality of users, the voucher further including an electronic key operable to decrypt an 
encrypted rendition of the electronic document; and 

pass the electronic voucher to the user location.